Privacy notice

GOV.UK is provided by the Government Digital Service (GDS), part of the Cabinet Office.

The data controller for GDS is the Cabinet Office. A data controller determines how and why personal data is processed. For more information, read the Cabinet Office’s entry in the Data Protection Public Register.

What data we need

The personal data we collect from you includes:

  • questions, queries or feedback you leave, including your email address if you contact GOV.UK
  • your email address and subscription preferences when you sign up to our email alerts
  • how you use our emails - for example whether you open them and which links you click on
  • your Internet Protocol (IP) address, and details of which version of web browser you used
  • information on how you use the site, using cookies and page tagging techniques

The legal basis for processing this data is to perform a task in the public interest that is set out in law and is statute based.

Why we need it

We use Google Analytics software to collect information about how you use GOV.UK. We do this to help make sure the site is meeting the needs of its users and to help us make improvements, for example improving site search.

Google Analytics stores information about:

  • the pages you visit on GOV.UK
  • how long you spend on each GOV.UK page
  • how you got to the site
  • what you click on while you’re visiting the site

We do not collect or store your personal information (for example your name or address) so this information cannot be used to identify who you are.

We also collect data in order to:

  • improve the site by monitoring how you use it
  • gather feedback to improve our services, for example our email alerts
  • respond to any feedback you send us, if you’ve asked us to
  • send email alerts to users who request them
  • allow you to access government services and make transactions
  • provide you with information about local services if you want it

What we do with your data

The data we collect may be shared with supplier organisations, other government departments, agencies and public bodies.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only retain your personal data for as long as:

  • it is needed for the purposes set out in this document
  • the law requires us to

In general, this means that we will only hold your personal data for a minimum of 1 year and a maximum of 7 years.

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

Your personal data may, throughout the course of its processing at GDS, be transferred outside of the European Economic Area (EEA). Where this is the case, all appropriate technical and legal safeguards will be put in place to ensure that you are afforded the same level of protection as within the EEA.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact with our Data Protection Officer.

GOV.UK contains links to other websites.

This privacy policy only applies to GOV.UK, and doesn’t cover other government services and transactions that we link to. These services, such as GOV.UK Verify, have their own terms and conditions and privacy policies.

If you go to another website from this one, read the privacy policy on that website to find out what it does with your information.

If you come to GOV.UK from another website, we may receive information from the other website. We don’t use this data. You should read the privacy policy of the website you came from to find out more about this.

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, GDS will take reasonable steps to let you know.

You can see previous versions of this page.

Contact us or make a complaint

Contact the Data Protection Officer (DPO) if you:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled

Data Protection Officer
DPO@cabinetoffice.gov.uk
Cabinet Office
70 Whitehall
London
SW1A 2AS

You can also make a complaint to the Information Commissioner, who is an independent regulator.

casework@ico.org.uk
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
Find out about call charges

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Last updated 17 May 2018